1. Field of the Invention
The present invention relates to connections between computer systems established across computer networks. More specifically, the present invention relates to a method and an apparatus for sharing a single secure connection with a client computer system between multiple servers, so that each of the multiple servers does not have to separately establish a secure connection with the client computing system.
2. Related Art
The advent of computer networks has led to an explosion in the development of applications that facilitate rapid communication of information between computer systems.
One problem with sending information across computer networks is that it is hard to ensure that sensitive information is kept confidential. This is because a message containing sensitive information can potentially traverse many different computer networks, and many different computer systems, before it arrives at its ultimate destination. An adversary can potentially intercept a message at any of these intermediate points along the way.
One way to remedy this problem is to “encrypt” sensitive data using an encryption key so that only someone who possesses a corresponding decryption key can decrypt the data. (Note that for commonly used symmetric encryption mechanisms the encryption key and the decryption key are the same key.) For example, a person sending sensitive data across a computer network can encrypt the sensitive data using the encryption key before it is sent across a computer network. At the other end, a recipient of the data can use the corresponding decryption key to decrypt the data.
A number of protocols, such as the secure sockets layer (SSL) protocol, have been developed to establish secure communication channels across computer networks. The SSL protocol uses encryption and authentication techniques to ensure communications between a client and a server remain private. In establishing a SSL connection (or session) between a client and a server, the client and the server exchange a number of messages that: authenticate the server to the client (through use of a digital certificate); allow the client and the server to select cryptographic mechanisms that they both support; authenticate the client to the server (optional); use public-key encryption techniques to securely exchange shared secrets; and establish an encrypted SSL connection.
Unfortunately, there is presently no way to share the same SSL session across multiple servers within the same trusted web domain. Hence, applications must set up and maintain a separate SSL connection on each server, which can greatly degrade scalability of the system.
Each secure SSL session can take anywhere between one half second to one second to establish. This is an enormously large time in comparison to the time required to establish a web connection of about 10-20 ms. Web sites currently solve this performance problem in a number of ways: by deploying large amounts of computational hardware; by limiting a service to few subscribers; or by hosting all security sensitive applications on the same machine, or by relaxing the security requirements on most of the web pages.
None of these solutions are acceptable for electronic commerce applications that require secure, scalable and modular systems in order to handle large volumes of traffic. For example, a medium-to-large electronic commerce site typically has a separate billing server, a separate account management server, a separate order server, and a separate customer management server. Furthermore, multiple instances of each of these servers may exist for load balancing and high availability purposes.
Aside from the performance problems arising from establishing secure connections, simply maintaining a public key infrastructure (PKI) revocation and authorization policy on every server can also create significant administration problems.
What is needed is a method and an apparatus that allows sharing of an established secure communication session across multiple servers.